* Good recommendations. Official docs mostly avoid recommendations among a myriad of possibilities
* Closely references & supplements official documentation
+* Automatic security updates
* Explicit automation support wherever practical
-* Used to setup this site (style optional)
-* Contributions welcome and will be updated/tested on this very site!
+* Used to setup this site (style is optional)
* Support for multiple gnu/linux distros
-* Holistic scope (backups, server setup), but sections stand on their own
-* Explicit support for production & local testing instance. Additions for production like https and web analytics.
-* Edits to this page are closely monitored by the original author.
+* Holistic scope (backups, server setup), but sections are independent
+* Code blocks are [https://en.wikipedia.org/wiki/Idempotent idempotent]
+* Edits to this page are tested on this site and reviewed by the main author.
'''Assumptions'''
-* Self hosting, single GNU/Linux system with Bash shell
-* Root shell is assumed throughout
-* Code blocks are [https://en.wikipedia.org/wiki/Idempotent idempotent]
+* Self hosting, single GNU/Linux system with root Bash shell
+
'''Version Support'''
Very minor adjustments needed for other distros. Help expand this list.
-* Mediawiki 1.27 & 1.28
+* Mediawiki 1.28, 1.27 support is planned to be re-added.
* Debian 8 + backports
* Debian 8
-* Debian testing (last tested Aug 7, 2016)
+* Debian stretch
Pre 5/2016 revisions ran Mediawiki 1.23, tested on Fedora 20 and Ubuntu 14.04.
The most common route and the one taken by this site is buying a domain name from a site like namecheap, and a cheap vps from companies like linode or digital ocean. They have good getting started guides which mostly apply beyond their own sites.
+'''Install Certbot'''
+
+For debian jessie with backports:
+<source lang="bash">
+# if we have jessie-backports, we need to use it.
+if ! apt-get install -t jessie-backports certbot python-certbot-apache; then
+ apt-get install certbot python-certbot-apache
+fi
+</source>
+
+For other distros, follow instructions at [https://certbot.eff.org/ certbot.eff.org].
+
'''Email Setup'''
Setting up email can be an involved process, and this guide assumes that a some program (usually postfix or exim) is implementing a functional sendmail interface. Mediawiki uses email with to send password reminders or notifications, and this guide includes cronjobs for updating mediawiki and doing backups which will send mail in the case of an error. Email is also the recommended way to get notifications of package updates which require manual steps such as restarting of services.
export wikiuser="REPLACE_ME"
export wikipass=REPLACE_ME
-# root password for the mysql database
+# root & user password for the mysql database
export dbpass=REPLACE_ME
export mwdomain=REPLACE_ME # domain name. for this site, it's ofswiki.org
# The rest of this section will work fine with no changes.
-# git branch for mediawiki + extensions.
-# This guide has only been tested with 1_28.
+# git branch for mediawiki + extensions. See intro for supported versions.
# branch names: https://git.wikimedia.org/branches/mediawiki%2Fcore.git
export mw_branch=REL1_28
local url=$1
local original_pwd="$PWD"
local name
- local re='[^/]*/[^/]*$'
+ local re='[^/]*/[^/]*$' # last 2 parts of path
[[ $url =~ $re ]] ||:
target=$mw/${BASH_REMATCH[0]}
if [[ ! -e $target/.git ]]; then
}
mw-ext () {
local ext
- for ext in "$@"; do
+ for ext; do
mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
- if [[ -e $mw/ext/$ext/extension.json ]]; then
- # new style extension. remove old style declaration
- sed -i --follow-symlinks '#^require_once( "\\\$IP/extensions/\$ext/\$ext\.php" );#d' $mwc
+ if [[ -e $mw/extensions/$ext/extension.json ]]; then
+ # new style extension
teeu $mwc <<EOF
wfLoadExtension( '$ext' );
EOF
# main reference:
# https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Ubuntu
apt-get update
- DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick
+ DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick curl
if apt-get install -s mediawiki &>/dev/null; then
- # mediawiki is packaged in jessie backports.
- DEBIAN_FRONTEND=noninteractive apt-get -y install php5-apcu mediawiki
+ apcu=php5-apcu
+ if apt-get install -s php7.0-apcu &>/dev/null; then
+ apcu=php7.0-apcu
+ fi
+ # mediawiki is packaged in jessie backports & stretch
+ DEBIAN_FRONTEND=noninteractive apt-get -y install $apcu mediawiki
else
# https://www.mediawiki.org/wiki/Manual:Installation_requirements
if apt-get install -s php7.0 &>/dev/null; then
fi
-# slightly different depending on if we already set the root pass
-if echo exit|mysql -u root -p"$dbpass"; then
- # answer interactive prompts:
- # mysql root pass, change pass? no, remove anon users? (default, yes)
- # disallow remote root (default, yes), reload? (default, yes)
- echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
-else
- # I had 1 less newline at the start when doing ubuntu 14.04,
+# skip if we already set the root pass and are on pre-debian 9.
+if ! echo exit|mysql -uroot "-p$dbpass"; then
+ # Note: we set a root password here, but in debian 9+, it is ignored;
+ # only the local user root can login, and any password is accepted.
+ # We answer these interactive prompts:
+ # Enter current password for root (enter for none):
+ # Set root password? [Y/n]
+ # New password:
+ # Re-enter new password:
+ # Remove anonymous users? [Y/n]
+ # Disallow root login remotely? [Y/n]
+ # Remove test database and access to it? [Y/n]
+ # Reload privilege tables now? [Y/n]
+ # Note, I had 1 less newline at the start when doing ubuntu 14.04,
# compared to debian 8, so can't say this is especially portable.
- # It won't hurt if it fails.
echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
fi
+mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
+EOF
</source>
# git branch -r
git checkout -f origin/$mw_branch
git clean -ffxd
+# apply librejs patch
+curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
# Get the php libraries wmf uses. Based on:
# https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
if [[ ! -e vendor/.git ]]; then
# Drop any previous database which may have been installed while testing.
# If upgrading, we should have a db backup which will get restored.
# https://www.mediawiki.org/wiki/Manual:Upgrading
-mysql -u root -p$dbpass <<'EOF' ||:
+mysql -uroot "-p$dbpass" <<'EOF' ||:
drop database my_wiki;
exit
EOF
php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
- --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
+ --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
teeu $mwc <<'EOF'
# lock down the wiki to only the initial owner until anti-spam measures are put in place
# limit edits to registered users
the apache config.
<source lang="bash">
-temp=$(mktemp -d)
-cd $temp
-git_site=https://iankelling.org/git
-git clone $git_site/acme-tiny-wrapper
l=$mw/../../logs
mkdir -p $l
-
-acme-tiny-wrapper/acme-tiny-wrapper -t $mwdomain
-
-git clone $git_site/basic-https-conf
+temp=$(mktemp -d)
+cd $temp
+# for me, this repo is on the same server and apache needs a sec after restarting
+sleep 1
+git clone https://iankelling.org/git/basic-https-conf
{ cat <<EOF
ServerAdmin $mw_email
RewriteEngine On
| while read line; do
echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
done
-} | basic-https-conf/apache-site -r ${mw%/*} - $mwdomain
+} | basic-https-conf/web-conf -r ${mw%/*} - apache2 $mwdomain
cd
rm -rf $temp
</source>
\$wgRightsIcon = "$mw_RightsIcon";
EOF
</source>
-Settings I recommend which are different than the defaults.
+Settings asked by the gui setup which are different than the install script defaults. They different because the defaults are the most compatible and unobtrusive.
<source lang="bash">
teeu $mwc<<EOF
\$wgPasswordSender = "$mw_email";
\$wgMainCacheType = CACHE_ACCEL;
\$wgEnableUploads = true;
\$wgUseInstantCommons = true;
+\$wgPingback = true;
EOF
</source>
$wgNoFollowLinks = false;
# Allow user customization.
$wgAllowUserCss = true;
-
# use imagemagick over GD
$wgUseImageMagick = true;
+# manual says this is not production ready, I think that is mostly
+# because they are using MobileFrontend extension instead, which gives
+# an even cleaner more minimal view, I plan to try setting it up
+# sometime but this seems like a very nice improvement for now.
+$wgVectorResponsive = true;
EOF
# Make the toolbox go into the drop down.
cd $mw/skins/Vector
if ! git remote show ian-kelling &>/dev/null; then
- git remote add ian-kelling https://iankelling.org/git/forks/Vector
+ git remote add ian-kelling https://iankelling.org/git/mediawiki-sidebar-patch
fi
git fetch ian-kelling
git checkout ian-kelling/${mw_branch}-toolbox-in-dropdown
''' Extensions with no configuration needed '''
-{| class="wikitable"
+{| class="writable"
! Name
! Description
|-
| [[mediawikiwiki:Extension:Cite|Extension:Cite]]
- | Have references in footnotes.
+ | Have references in footnotes*
|-
| [[mediawikiwiki:Extension:CiteThisPage|Extension:CiteThisPage]]
- | Ability to generate citations to pages in a variety of styles.
+ | Ability to generate citations to pages in a variety of styles*
+ |-
+ | [[mediawikiwiki:CheckUser|Extension:CheckUser]]
+ | Get ip addresses from inside mediawiki so you can ban users''
|-
| [[mediawikiwiki:Extension:CSS|Extension:CSS]]
| Allows CSS stylesheets to be included in specific articles
| Notification subsystem for usage by other extensions
|-
| [[mediawikiwiki:Extension:Gadgets|Extension:Gadgets]]
- | UI extension system for users
+ | UI extension system for users*
|-
| [[mediawikiwiki:Extension:ImageMap|Extension:ImageMap]]
- | Links for a region of an image
+ | Links for a region of an image*
|-
| [[mediawikiwiki:Extension:Interwiki|Extension:Interwiki]]
- | Tool for nice links to other wikis
+ | Tool for nice links to other wikis*
|-
| [[mediawikiwiki:Extension:News|Extension:News]]
| Embed or rss recent changes
|-
| [[mediawikiwiki:Extension:Nuke|Extension:Nuke]]
- | Mass delete of pages, in the case of spam
+ | Mass delete of pages, in the case of spam*
|-
| [[mediawikiwiki:Extension:ParserFunctions|Extension:ParserFunctions]]
- | Useful for templates
+ | Useful for templates*
|-
| [[mediawikiwiki:Extension:Poem|Extension:Poem]]
- | Useful for formatting things various ways
+ | Useful for formatting things various ways*
+ |-
+ | [[mediawikiwiki:Extension:Renameuser|Extension:Renameuser]]
+ | Allows bureaucrats to rename user accounts*
|-
| [[mediawikiwiki:Extension:SyntaxHighlight_GeSHi|Extension:SyntaxHighlight_GeSHi]]
- | Source code highlighting
+ | Source code highlighting*
|-
| [[mediawikiwiki:Extension:Variables|Extension:Variables]]
| Define per-page variables
|}
+<nowiki>*</nowiki> = Comes with the MediaWiki default download.
+
<source lang="bash">
-mw-ext Cite CiteThisPage CSS Echo Gadgets ImageMap Interwiki News \
- Nuke ParserFunctions Poem SyntaxHighlight_GeSHi Variables
+mw-ext Cite CiteThisPage CheckUser CSS Echo Gadgets ImageMap Interwiki News \
+ Nuke ParserFunctions Poem Renameuser SyntaxHighlight_GeSHi Variables
</source>
</source>
-''' [[mediawikiwiki:CheckUser|Extension:CheckUser]]: Get ip addresses from inside mediawiki so you can ban users'''
-
-On <= 1.27, requires special install steps or we can get into a bad state. Add a sleep like the default of update.php to avoid errors.
-<source lang="bash">
-mw-ext CheckUser
-if [[ -e $mw/extensions/CheckUser/install.php ]]; then
- sudo -u $apache_user php $mw/extensions/CheckUser/install.php; sleep 1
-fi
-</source>
-
-
'''[[mediawikiwiki:Extension:Wikidiff2|Extension:Wikidiff2]]: Faster and international character supported page diffs'''
I used packaged version since this is a c++ and probably not very tied to the Mediawiki version. This isn't packaged in fedora, haven't gotten around to testing and adding the code to compile it for fedora.
''' [[mediawikiwiki:Extension:SpamBlacklist|Extension:SpamBlacklist]]: Import/create IP blacklists, mainly for spam'''
+Comes with MediaWiki.
+
<source lang="bash">
mw-ext SpamBlacklist
if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev/null; then
''' [[mediawikiwiki:Extension:TitleBlacklist|Extension:TitleBlacklist]]: Anti-spam '''
+Comes with Mediawiki.
+
<source lang="bash">
mw-ext TitleBlacklist
if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev/null; then
''' [[mediawikiwiki:Extension:WikiEditor|Extension:WikiEditor]]: Editing box extras and a fast preview tab '''
+Comes with MediaWiki.
+
<source lang="bash">
mw-ext WikiEditor
teeu $mwc <<'EOF'
EOF
</source>
-'''[[mediawikiwiki:Extension:ConfirmEdit|Extension:ConfirmEdit]]: Custom Captcha'''
+'''[[mediawikiwiki:Extension:ConfirmEdit|Extension:ConfirmEdit]]: Custom Captcha.'''
-Uses captchaArray defined in mw_vars.
+Uses captchaArray defined in mw_vars. Comes with MediaWiki.
<source lang="bash">
mw-ext ConfirmEdit
# remove side panel
# helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top */
+/* adjust sidebar to just be home link and up top */
/* panel width increased to fit full wiki name. */
+/* selectors other than final id are for increasing priority of rule */
div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
div#footer, #mw-head-base, div#content { margin-left: 1em; }
#left-navigation { margin-left: 1em; }
/* logo, and toolbar hidden */
-#p-logo, #p-tb.portal {
+#p-logo, div#mw-navigation div#mw-panel #p-tb {
display:none;
}
-/* make the font size smaller for the misc stuff */
-#p-personal {
- font-size: 0.8em;
-}
-
-#footer-info {
- font-size: 0.8em;
-}
div#mw-content-text {
max-width: 720px;
}
set -e
chmod -R g+w $mw/images
chgrp -R www-data $mw/images
-mysql -u root -p$dbpass my_wiki < /tmp/wiki_db_restore/wiki_db_backup
+mysql -uroot "-p$dbpass" my_wiki < /tmp/wiki_db_restore/wiki_db_backup
php $mw/maintenance/update.php
EOF
</source>
dd of=$s<<'EOF'
#!/bin/bash
source ~/mw_vars
-cd $mw
-for dir in extensions/* skins/* $mw; do
- [[ -d $dir ]] || continue
+update() {
+ dir=$1
+ cd $mw
+ [[ -d $dir ]] || return 1
cd $dir
branch=$(git describe --all)
branch=${branch#remotes/}
git fetch --all -q
new_head=$(git rev-parse $branch)
log=$(git log HEAD..$new_head)
- if [[ $log ]]; then
- pwd
- echo "$log"
+ if [[ ! $log ]]; then
+ return 1
fi
- git checkout -q $new_head
+ pwd
+ echo "$log"
+ git checkout -qf $new_head
cd $mw
+ return 0
+}
+for dir in extensions/* skins/* vendor; do
+ update "$dir" ||:
done
+if update .; then
+ curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
+fi
php $mw/maintenance/update.php -q --quick
EOF
Here are brief descriptions of extensions that are part of distributions and why they were rejected for this wiki.
{| class="wikitable"
+ |+
+ | '''Footnote''' || deprecated in newer versions
|+
| '''InputBox''' || Add html forms to pages. Can't imagine using it. Would install if I did.
|+
- | '''Pdfhandler''' || Gallery of pages from a pdf file. Can't imagine using it. Would install if I did.
+ | '''LocalisationUpdate'''|| update localization only. I'm fine updating all of mediawiki, there aren't many updates.
|+
- | '''Footnote''' || deprecated in newer versions
+ | '''NewestPages''' || A page creation history that doesn't expire like recent-changes. Meh
|+
| '''NewUserNotif''' || Send me a notification when a user registers. Seems like an excessive notification.
|+
- | '''NewestPages''' || A page creation history that doesn't expire like recent-changes. Meh
+ | '''Openid''' || Poor UI. 2 pages & 2 links <login> <login with openid> which is confusing & ugly.
+ |+
+ | '''Pdfhandler''' || Gallery of pages from a pdf file. Can't imagine using it. Would install if I did.
|+
| '''RSSReader''' || Embed an rss feed. Can't imagine using it. Would install if I did.
|+
- | '''Openid''' || Poor UI. 2 pages & 2 links <login> <login with openid> which is confusing & ugly.
+ | '''Semantic''' || Seems like a lot of trouble around analyzing kinds of data which my wiki will not have.
|+
| '''Validator''' || dependency of of semantic
|+
- | '''Semantic''' || Seems like a lot of trouble around analyzing kinds of data which my wiki will not have.
- |+
- | '''wikicalendar''' || Make a calendar of events etc. Can't imagine using it. Would install if I did.
|}
== Misc Notes ==
== todo list for this page ==
-* Check if there are any new default extensions 1.28 which I haven't evaluated.
-* Test for any new config values set by the 1.28 gui install method.
* Get Visual editor extension.
* Don't require registration for edits
+* Take a look at the new debian mediawiki package's apache conf
+* For perf, translate extensions allow/deny directives, and set AllowOverride None in apache.conf
iankelling.org / git / mediawiki-setup / blobdiff